master
Joey Hess 2021-03-29 14:02:19 -04:00
parent 9a173d91bb
commit 79a2bb59e9
No known key found for this signature in database
GPG Key ID: DB12DB0FF05F8F38
1 changed files with 38 additions and 0 deletions

@ -25,3 +25,41 @@ Anon git push is broken again
>> you decide to drop it from `ikiwiki.info`, would you leave the code as-is, >> you decide to drop it from `ikiwiki.info`, would you leave the code as-is,
>> or drop it as broken? Any further clues what went wrong this time? >> or drop it as broken? Any further clues what went wrong this time?
>> *—[[Jon]], 2021-01-13* >> *—[[Jon]], 2021-01-13*
----
The HEAD.lock permissions error does not come from the post-receive hook or
from ikiwiki when it runs it. Instead, stracing git-daemon shows that it
happens after ikiwiki has checked the push and accepted it, and exited
successfully.
So the problem is that git-daemon is unable to write to the git repo.
drwxr-sr-x+ 8 b-git-annex b-git-annex 4096 Mar 29 17:07 /home/b-git-annex/source.git/
ikiwiki-hosting's ikisite is supposed to arrange for git-daemon
to be able to write there by using an ACL, so something about that
must be what is broken now. --[[Joey]]
Ok, found the problem. ikisite runs setfacl, and that does the right thing.
Then ikisite runs chmod on the source.git directory (to make it suid as seen
above). That seems to mess up the ACLs that were set earlier.
The diff from good to bad ACLs, as shown by getfacl is:
-group::rwx
-group:ikiwiki-anon:rwx
-group:b-ikiwiki:rwx
-group:b-git-annex:rwx
-mask::rwx
+group::rwx #effective:r-x
+group:ikiwiki-anon:rwx #effective:r-x
+group:b-ikiwiki:rwx #effective:r-x
+group:b-git-annex:rwx #effective:r-x
+mask::r-x
I don't understand ACLs or how a chmod could clear them but ok, ikisite needs
to chmod before setting the ACLS.
This is not an ikiwiki bug and I'll fix it in ikisite-hosting then. [[done]]
--[[Joey]]
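Review bot: The paragraph beginning "Ok, found the problem" describes the chmod as making source.git "suid", but the listing earlier in this hunk shows `drwxr-sr-x+`, which is the setgid bit on a directory; suggest saying setgid so the text matches the listing. The sentence "I don't understand ACLs or how a chmod could clear them" could also record the mechanism, since it explains the getfacl diff: on a file that carries a POSIX ACL, the group bits of the mode are the ACL mask, so a chmod that sets group to r-x rewrites `mask::rwx` to `mask::r-x`. The named group entries are still `rwx` in the "bad" output and are only capped by the mask, which is what the `#effective:r-x` annotations show, and that is consistent with the plan to chmod before setting the ACLs. Last, the closing paragraph says "ikisite-hosting" where the earlier paragraph says "ikiwiki-hosting's ikisite"; making the two agree would help readers find where the fix landed.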